Troubleshooter: Using Separate IMF Thresholds for Different Groups

I work for a school and want to apply one spam-filtering threshold for faculty and staff and another for students. Can I use the Microsoft Exchange Intelligent Message Filter (IMF) to do this?

If ease of use is important to you, I recommend using a third-party antispam product, such as Nemx Software's Power Tools for Exchange or NetIQ's MailMarshal, that lets you apply different filtering standards to different users. That said, you can achieve a certain level of differentiation with IMF. Just be aware that the process is a bit convoluted.

IMF lets you set two thresholds: a gateway threshold, applied at the server level as messages arrive from the outside world, and a Store threshold, applied at the Store level as messages are delivered to recipients' mailbox stores. (If you aren't already familiar with IMF, you can learn more by reading "Deploying Exchange Intelligent Message Filter," September 2004, InstantDoc ID 43151, or the Web-exclusive article "The Exchange Intelligent Message Filter," June 2004, InstantDoc ID 42682.) However, both of these thresholds are global: Both settings are stored in a forest's Configuration naming context (NC) and so apply to every IMF instance you add to your Exchange organization. If you need to set different thresholds at both the gateway and Store level, you'll need to put your faculty and staff's mailboxes on one server and your students' mailboxes on a different server—essentially creating a two-forest Exchange deployment. If differentiating between the groups is necessary at only the gateway level, you can take the following steps:

  1. Create recipient policies that give the faculty/staff group and the student group different SMTP address spaces (e.g., *@faculty.yourschool.edu and *@students.yourschool.edu). Let's call these address spaces F (for faculty) and S (for students).
  2. Build a Windows Server 2003 or Windows 2000 domain controller (DC) in a new Active Directory (AD) forest. Install Exchange Server 2003 and IMF on the DC. You'll use this machine as the IMF gateway server for address space S.
  3. Follow the IMF deployment guide instructions to create SMTP connectors between the two forests, using cross-forest authentication. Configure the DC server to act as a relay server for the specified domain (i.e., students.yourschool.edu), and point the connector at your original Exchange server so that mail sent to users in address space S can be relayed to the mailbox server.
  4. Create an MX record for address space S, then point that record to the DC server. Doing so lets the server receive mail for recipients in address space S.
  5. Configure IMF on the DC server with the antispam settings you want to use for the students. These settings will apply only to recipients in address space S.
  6. Install IMF on your original Exchange 2003 server, to which the MX record for address space F points. For this IMF configuration, use the settings you want to apply to faculty and staff in address space F.

At the conclusion of this admittedly involved process, you'll be able to set separate gateway limits for address spaces F and S because IMF doesn't rescreen messages from authenticated users. When mail arrives for a recipient in address space S, IMF on the DC server scans the message and assigns it a spam confidence level (SCL), which persists as the message passes from the address space to the mailbox server. Mail for recipients in address space F arrives directly at the mailbox server and is evaluated according to the SCL you set on that server's instance of IMF. Messages for both sets of recipients are evaluated against the same Store threshold when the messages are submitted for delivery to the mailbox stores.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish